Skip to main content
  1. Home
  2. Computing
  3. News

Internet Explorer Zero-Day Bug Used in Google Attack

By
internet-explorer-logo
Image used with permission by copyright holder

Microsoft has acknowledged a so-called zero-day vulnerability in Microsoft Internet Explorer was used in attacks on Google and 20 or more other companies doing business doing business in China. Microsoft’s notification about the flaw coincided with a public statement from computer security firm McAfee, describing the bug and how it was used to target Google and other corporate networks.

The flaw impacts all officially supported combinations of Microsoft’s Internet Explorer browser and Windows operating system, with the sole exception of using very-old Internet Explorer 5.01 on Windows 2000 Service Pack 4. That means that essentially anyone using Internet Explorer 6, 7, or 8 on Windows 2000 SP4, Windows XP, Windows Vista, Windows 7, and Windows Server is vulnerable to the problem, across both 32- and 64-bit versions of the operating systems.

Recommended Videos

Attackers—which VeriSign’s iDefense has identified as the Chinese government or agents thereof—exploited the flaw by sending messages to targeted Google employees, forged to look like they were from a trusted source. If a user clicked a malicious link in the message, the users’ computers were compromised, downloading and installing backdoor software that enabled attackers to gain complete control of the computer. Presumably, from there, attackers monitored computer usage and data in an effort to obtain passwords and other valuable information.

Related: 
Best new movies to stream on Netflix, Hulu, Prime Video, HBO Max, and more

McAfee is dubbing the attacks against Google and other companies’ operations in China “operation Aurora” because the word “Aurora” appears in file paths included in two of the malware binaries associated with the attack. The pathname would presumably have come from the attackers’ systems. McAfee describes “Operation Aurora” as a coordinated, highly targeted attack going after high profiled companies and their intellectual property, coordinated to take place while many employees were away on December holidays to maximize the amount of time the attack could operate. “All I can say is wow,” wrote McAfee CTO George Kurtz. “The world has changed. Everyone’s threat model now needs to be adapted to the new reality of these advanced persistent threats.”

Geoff Duncan
Geoff Duncan
Former Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
Topics

Editors’ Recommendations

Google Fiber is bringing high-speed internet to five new states
google fiber tv hands on box remote 2

In what is the first significant expansion since pausing new construction in late 2016, Google recently detailed future plans to bring its Fiber internet services to more regions. The company now says it is planning to deliver high-speed internet through Google Fiber to five new states, specifically Arizona, Colorado, Nebraska, Nevada, and Idaho.

According to Google Fiber's Dinni Jain, Google has been busy the past several years behind the scenes. In a blog post, Jain mentioned the teams have been focusing on the Google Fiber vision and have been looking at refinements to service delivery and products. Jain also said the Google Fiber team traveled across the United States and had conversations with elected officials to bring internet to businesses and residents "as quickly as possible."

Read more
Why I still use Microsoft’s Office suite instead of Google’s free options
Computer user touching on Microsoft Word icon to open the program.

You can find all sorts of comparisons if you search the internet for Microsoft Office versus Google apps. And these side-by-side comparisons are helpful if you’re deciding between the two productivity suites. If it comes to cost, many simply find Google’s free apps like Docs, Sheets, and Slides the obvious choice. 

But if you’re like me and use these types of applications many, many times per day, or even for running a small business, you have to look at more than the price tag.

Read more
Internet Explorer’s slow death has finally come to an end
An Internet Explorer desktop icon.

Today, Microsoft is concluding the retirement and end-of-life support for its Internet Explorer browser.

This will finalize a months-long transition from Internet Explorer to Microsoft Edge. Edge has been the brand's primary browser since early 2020, which now comes as the default browser on new Windows devices.

Read more